prowler-cloud 5.14.0__py3-none-any.whl → 5.14.1__py3-none-any.whl
- prowler/CHANGELOG.md +8 -0
- prowler/config/config.py +1 -1
- prowler/providers/m365/services/exchange/exchange_mailbox_policy_additional_storage_restricted/exchange_mailbox_policy_additional_storage_restricted.py +17 -21
- prowler/providers/m365/services/exchange/exchange_service.py +18 -12
- prowler/providers/m365/services/sharepoint/sharepoint_external_sharing_managed/sharepoint_external_sharing_managed.py +9 -7
- {prowler_cloud-5.14.0.dist-info → prowler_cloud-5.14.1.dist-info}/METADATA +1 -1
- {prowler_cloud-5.14.0.dist-info → prowler_cloud-5.14.1.dist-info}/RECORD +10 -10
- {prowler_cloud-5.14.0.dist-info → prowler_cloud-5.14.1.dist-info}/LICENSE +0 -0
- {prowler_cloud-5.14.0.dist-info → prowler_cloud-5.14.1.dist-info}/WHEEL +0 -0
- {prowler_cloud-5.14.0.dist-info → prowler_cloud-5.14.1.dist-info}/entry_points.txt +0 -0
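--- a/prowler/CHANGELOG.md
+++ b/prowler/CHANGELOG.md
@@ -2,6 +2,14 @@
 
 All notable changes to the **Prowler SDK** are documented in this file.
 
+## [v5.14.1] (Prowler v5.14.1)
+
+### Fixed
+- `sharepoint_external_sharing_managed` check to handle external sharing disabled at organization level [(#9298)](https://github.com/prowler-cloud/prowler/pull/9298)
+- Support multiple Exchange mailbox policies in M365 `exchange_mailbox_policy_additional_storage_restricted` check [(#9241)](https://github.com/prowler-cloud/prowler/pull/9241)
+
+---
+
 ## [v5.14.0] (Prowler v5.14.0)
 
 ### Added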
prowler/config/config.py
CHANGED
|
@@ -38,7 +38,7 @@ class _MutableTimestamp:
|
|
|
38
38
|
|
|
39
39
|
timestamp = _MutableTimestamp(datetime.today())
|
|
40
40
|
timestamp_utc = _MutableTimestamp(datetime.now(timezone.utc))
|
|
41
|
-
prowler_version = "5.14.
|
|
41
|
+
prowler_version = "5.14.1"
|
|
42
42
|
html_logo_url = "https://github.com/prowler-cloud/prowler/"
|
|
43
43
|
square_logo_img = "https://raw.githubusercontent.com/prowler-cloud/prowler/dc7d2d5aeb92fdf12e8604f42ef6472cd3e8e889/docs/img/prowler-logo-black.png"
|
|
44
44
|
aws_logo = "https://user-images.githubusercontent.com/38561120/235953920-3e3fba08-0795-41dc-b480-9bea57db9f2e.png"
|
|
@@ -13,32 +13,28 @@ class exchange_mailbox_policy_additional_storage_restricted(Check):
|
|
|
13
13
|
def execute(self) -> List[CheckReportM365]:
|
|
14
14
|
"""Run the check to validate Exchange mailbox policy restrictions.
|
|
15
15
|
|
|
16
|
-
Iterates through
|
|
17
|
-
providers are restricted and generates
|
|
16
|
+
Iterates through all mailbox policies to determine if additional storage
|
|
17
|
+
providers are restricted and generates reports for each policy.
|
|
18
18
|
|
|
19
19
|
Returns:
|
|
20
|
-
List[CheckReportM365]: A list of reports with the restriction status for
|
|
20
|
+
List[CheckReportM365]: A list of reports with the restriction status for each mailbox policy.
|
|
21
21
|
"""
|
|
22
22
|
findings = []
|
|
23
|
-
mailbox_policy
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
)
|
|
31
|
-
report.status = "FAIL"
|
|
32
|
-
report.status_extended = (
|
|
33
|
-
"Exchange mailbox policy allows additional storage providers."
|
|
34
|
-
)
|
|
35
|
-
|
|
36
|
-
if not mailbox_policy.additional_storage_enabled:
|
|
37
|
-
report.status = "PASS"
|
|
38
|
-
report.status_extended = (
|
|
39
|
-
"Exchange mailbox policy restricts additional storage providers."
|
|
23
|
+
for mailbox_policy in exchange_client.mailbox_policies:
|
|
24
|
+
if mailbox_policy:
|
|
25
|
+
report = CheckReportM365(
|
|
26
|
+
metadata=self.metadata(),
|
|
27
|
+
resource=mailbox_policy,
|
|
28
|
+
resource_name=f"Exchange Mailbox Policy - {mailbox_policy.id}",
|
|
29
|
+
resource_id=mailbox_policy.id,
|
|
40
30
|
)
|
|
31
|
+
report.status = "FAIL"
|
|
32
|
+
report.status_extended = f"Exchange mailbox policy '{mailbox_policy.id}' allows additional storage providers."
|
|
41
33
|
|
|
42
|
-
|
|
34
|
+
if not mailbox_policy.additional_storage_enabled:
|
|
35
|
+
report.status = "PASS"
|
|
36
|
+
report.status_extended = f"Exchange mailbox policy '{mailbox_policy.id}' restricts additional storage providers."
|
|
37
|
+
|
|
38
|
+
findings.append(report)
|
|
43
39
|
|
|
44
40
|
return findings
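Review bot: When `exchange_client.mailbox_policies` is empty the loop body never runs and `execute` returns an empty `findings` list, so this check emits neither PASS nor FAIL. The `_get_mailbox_policy` hunk in exchange_service.py returns `[]` both when no policy data comes back and after a caught exception, so a failed collection looks the same as nothing to report in the scan output. If that is intended, say so in the docstring, for example `No report is produced when no mailbox policy could be retrieved; collection errors appear only in the log.`; otherwise the service needs a way to signal the failure that this loop can turn into a finding. The `if mailbox_policy:` guard also looks redundant, since the service hunk only appends constructed `MailboxPolicy` objects.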
|
|
@@ -16,7 +16,7 @@ class Exchange(M365Service):
|
|
|
16
16
|
self.external_mail_config = []
|
|
17
17
|
self.transport_rules = []
|
|
18
18
|
self.transport_config = None
|
|
19
|
-
self.
|
|
19
|
+
self.mailbox_policies = []
|
|
20
20
|
self.role_assignment_policies = []
|
|
21
21
|
self.mailbox_audit_properties = []
|
|
22
22
|
|
|
@@ -27,7 +27,7 @@ class Exchange(M365Service):
|
|
|
27
27
|
self.external_mail_config = self._get_external_mail_config()
|
|
28
28
|
self.transport_rules = self._get_transport_rules()
|
|
29
29
|
self.transport_config = self._get_transport_config()
|
|
30
|
-
self.
|
|
30
|
+
self.mailbox_policies = self._get_mailbox_policy()
|
|
31
31
|
self.role_assignment_policies = self._get_role_assignment_policies()
|
|
32
32
|
self.mailbox_audit_properties = self._get_mailbox_audit_properties()
|
|
33
33
|
self.powershell.close()
|
|
@@ -164,21 +164,27 @@ class Exchange(M365Service):
|
|
|
164
164
|
|
|
165
165
|
def _get_mailbox_policy(self):
|
|
166
166
|
logger.info("Microsoft365 - Getting mailbox policy configuration...")
|
|
167
|
-
|
|
167
|
+
mailbox_policies = []
|
|
168
168
|
try:
|
|
169
|
-
|
|
170
|
-
if
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
169
|
+
policies_data = self.powershell.get_mailbox_policy()
|
|
170
|
+
if policies_data:
|
|
171
|
+
if isinstance(policies_data, dict):
|
|
172
|
+
policies_data = [policies_data]
|
|
173
|
+
for policy in policies_data:
|
|
174
|
+
if policy:
|
|
175
|
+
mailbox_policies.append(
|
|
176
|
+
MailboxPolicy(
|
|
177
|
+
id=policy.get("Id", ""),
|
|
178
|
+
additional_storage_enabled=policy.get(
|
|
179
|
+
"AdditionalStorageProvidersAvailable", True
|
|
180
|
+
),
|
|
181
|
+
)
|
|
182
|
+
)
|
|
177
183
|
except Exception as error:
|
|
178
184
|
logger.error(
|
|
179
185
|
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
|
|
180
186
|
)
|
|
181
|
-
return
|
|
187
|
+
return mailbox_policies
|
|
182
188
|
|
|
183
189
|
def _get_role_assignment_policies(self):
|
|
184
190
|
logger.info("Microsoft365 - Getting role assignment policies...")
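Review bot: In `_get_mailbox_policy` the `try` wraps the whole loop, so one entry that is not a dict (its `.get` call raises) ends the iteration and the method returns only the policies processed before it, leaving the rest unevaluated with just a log line as evidence. Handling the error per entry, or testing `isinstance(policy, dict)` and logging the skipped entry, keeps the remaining policies in the result. `policy.get("Id", "")` also lets a policy without an `Id` through with an empty identifier, which the check then uses as `resource_id`, so two such policies would be indistinguishable in the report. The `True` default for `AdditionalStorageProvidersAvailable` makes a missing key report FAIL, which deserves a comment such as `# missing key is treated as enabled so the check fails closed`. The method name stays singular although it now returns a list.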
|
|
@@ -11,12 +11,9 @@ class sharepoint_external_sharing_managed(Check):
|
|
|
11
11
|
Check if Microsoft 365 SharePoint external sharing is managed through domain whitelists/blacklists.
|
|
12
12
|
|
|
13
13
|
This check verifies that SharePoint external sharing settings are configured to restrict document sharing
|
|
14
|
-
to external domains by enforcing domain-based restrictions.
|
|
15
|
-
'sharingDomainRestrictionMode' must be set to either "AllowList" or "BlockList"
|
|
16
|
-
external sharing is
|
|
17
|
-
|
|
18
|
-
Note: This check only evaluates the domain restriction mode and does not enforce the optional check
|
|
19
|
-
of verifying that the allowed/blocked domain list is not empty.
|
|
14
|
+
to external domains by enforcing domain-based restrictions. When external sharing is enabled, the setting
|
|
15
|
+
'sharingDomainRestrictionMode' must be set to either "AllowList" or "BlockList" with a corresponding
|
|
16
|
+
domain list. If external sharing is disabled at the organization level, the check passes.
|
|
20
17
|
"""
|
|
21
18
|
|
|
22
19
|
def execute(self) -> List[CheckReportM365]:
|
|
@@ -40,7 +37,12 @@ class sharepoint_external_sharing_managed(Check):
|
|
|
40
37
|
)
|
|
41
38
|
report.status = "FAIL"
|
|
42
39
|
report.status_extended = "SharePoint external sharing is not managed through domain restrictions."
|
|
43
|
-
if settings.
|
|
40
|
+
if settings.sharingCapability == "Disabled":
|
|
41
|
+
report.status = "PASS"
|
|
42
|
+
report.status_extended = (
|
|
43
|
+
"External sharing is disabled at organization level."
|
|
44
|
+
)
|
|
45
|
+
elif settings.sharingDomainRestrictionMode in ["allowList", "blockList"]:
|
|
44
46
|
report.status_extended = f"SharePoint external sharing is managed through domain restrictions with mode '{settings.sharingDomainRestrictionMode}' but the list is empty."
|
|
45
47
|
if (
|
|
46
48
|
settings.sharingDomainRestrictionMode == "allowList"
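Review bot: The docstring in the first hunk names the accepted modes as "AllowList" and "BlockList", but the condition added in `execute` tests `settings.sharingDomainRestrictionMode in ["allowList", "blockList"]`, so the documented values differ in case from the ones the code matches. Align the docstring with the comparison, `'sharingDomainRestrictionMode' must be set to either "allowList" or "blockList"`, so tests and configuration are not written from the wrong spelling. The new PASS branch compares `settings.sharingCapability` with the exact string "Disabled"; any other spelling of that value is evaluated like a tenant with sharing enabled, which is the safe direction, and a short comment saying so would help. The body of `execute` continues past the end of the second hunk.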
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.3
|
|
2
2
|
Name: prowler-cloud
|
|
3
|
-
Version: 5.14.
|
|
3
|
+
Version: 5.14.1
|
|
4
4
|
Summary: Prowler is an Open Source security tool to perform AWS, GCP and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, AWS Well-Architected Framework Security Pillar, AWS Foundational Technical Review (FTR), ENS (Spanish National Security Scheme) and your custom security frameworks.
|
|
5
5
|
License: Apache-2.0
|
|
6
6
|
Author: Toni de la Fuente
|
|
@@ -105,7 +105,7 @@ dashboard/pages/overview.py,sha256=eH08NS-EKggKXjo63BvFXSALpp-WWIWhlWc54YIdM40,8
|
|
|
105
105
|
dashboard/src/input.css,sha256=ZjC7DV_hHZRH92s0D-8Wk-L9WpP5oqfwIkfLi16GJdk,2936
|
|
106
106
|
dashboard/tailwind.config.js,sha256=sDwGYIDZwdefOCPrcCkjsOT8cYDHrkZAedPosdDnwMY,2391
|
|
107
107
|
prowler/AGENTS.md,sha256=ETv0yNxU3eTxViCSe6K_qABihEsRosW9F2Y1BR7FgZE,14281
|
|
108
|
-
prowler/CHANGELOG.md,sha256=
|
|
108
|
+
prowler/CHANGELOG.md,sha256=tYAtUZ2lSYA8kUjQJZD1so9WLGwYKaQJqEh-46KJRBs,49894
|
|
109
109
|
prowler/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
110
110
|
prowler/__main__.py,sha256=tCKSeYRoafcEtX4arcYT99fxMxYmFk6biGWRwdmn_8w,49806
|
|
111
111
|
prowler/compliance/aws/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -204,7 +204,7 @@ prowler/config/aws_mutelist.yaml,sha256=PW3ekqtwhpBedyPWyvh5oXCiJz94P3nJLrMYGUGI
|
|
|
204
204
|
prowler/config/aws_mutelist_example.yaml,sha256=O3fscPxW73tBcrAtKGo43btqnA6_mNW3myC21Gj0ysQ,2848
|
|
205
205
|
prowler/config/azure_mutelist_example.yaml,sha256=r87OAhBg0N32s-XFRHEY4BzrHfZLGE9DfM8YgAHn7cY,2024
|
|
206
206
|
prowler/config/checklist_example.json,sha256=E36OiPBUXF3fuKIu4mK92R3a3zFRGzKdztZdYsx5vQs,165
|
|
207
|
-
prowler/config/config.py,sha256=
|
|
207
|
+
prowler/config/config.py,sha256=r02KdqGfqIpVZpX_lS9Js2vcw1f_Bp8wQyjMvoJRO4w,8943
|
|
208
208
|
prowler/config/config.yaml,sha256=48OmXTeSL5wxAxJoicTXCOvuxrVjMjVIuafmYUHJ_8o,19394
|
|
209
209
|
prowler/config/custom_checks_metadata_example.yaml,sha256=vsn66e-kGDKfHJ0KhTa525wbquZN88Z5G_bMCIM0iG0,5720
|
|
210
210
|
prowler/config/fixer_config.yaml,sha256=D3yIuDsgcvLyMc4-nwhU4569l6z48CWm1UKekbqupKo,1591
|
|
@@ -3833,7 +3833,7 @@ prowler/providers/m365/services/exchange/exchange_mailbox_audit_bypass_disabled/
|
|
|
3833
3833
|
prowler/providers/m365/services/exchange/exchange_mailbox_audit_bypass_disabled/exchange_mailbox_audit_bypass_disabled.py,sha256=wfirWY2SwJO8TRERA7lNxUS8QdYLa9W_xA5gMwflfNA,1508
|
|
3834
3834
|
prowler/providers/m365/services/exchange/exchange_mailbox_policy_additional_storage_restricted/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
3835
3835
|
prowler/providers/m365/services/exchange/exchange_mailbox_policy_additional_storage_restricted/exchange_mailbox_policy_additional_storage_restricted.metadata.json,sha256=g1IOIx94HpE1KD8cEr10KxOWTU1rxoFWUKTcWf6tQsI,1449
|
|
3836
|
-
prowler/providers/m365/services/exchange/exchange_mailbox_policy_additional_storage_restricted/exchange_mailbox_policy_additional_storage_restricted.py,sha256=
|
|
3836
|
+
prowler/providers/m365/services/exchange/exchange_mailbox_policy_additional_storage_restricted/exchange_mailbox_policy_additional_storage_restricted.py,sha256=AoIIeD6tpmhvAmt84YdlzjnfPrGV1103_v3_5u0A2bg,1714
|
|
3837
3837
|
prowler/providers/m365/services/exchange/exchange_organization_mailbox_auditing_enabled/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
3838
3838
|
prowler/providers/m365/services/exchange/exchange_organization_mailbox_auditing_enabled/exchange_organization_mailbox_auditing_enabled.metadata.json,sha256=n-gR9fquCiVcX187B3os8gAFwwJ5foNYI80Z4EBKqbg,1409
|
|
3839
3839
|
prowler/providers/m365/services/exchange/exchange_organization_mailbox_auditing_enabled/exchange_organization_mailbox_auditing_enabled.py,sha256=a39TGnUmKnRejMpy71a9ViZYNu7SF-I6ozebut4KvKY,1558
|
|
@@ -3846,7 +3846,7 @@ prowler/providers/m365/services/exchange/exchange_organization_modern_authentica
|
|
|
3846
3846
|
prowler/providers/m365/services/exchange/exchange_roles_assignment_policy_addins_disabled/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
3847
3847
|
prowler/providers/m365/services/exchange/exchange_roles_assignment_policy_addins_disabled/exchange_roles_assignment_policy_addins_disabled.metadata.json,sha256=cN9dJ6914h9jEo_tr_Npx2JDh_Q3NQRqoJ_JwJS69_U,2146
|
|
3848
3848
|
prowler/providers/m365/services/exchange/exchange_roles_assignment_policy_addins_disabled/exchange_roles_assignment_policy_addins_disabled.py,sha256=EI24sTGKjUvCyWJhnz_PQxDMSFTFIcvPJeuVx5Yo1jU,1874
|
|
3849
|
-
prowler/providers/m365/services/exchange/exchange_service.py,sha256=
|
|
3849
|
+
prowler/providers/m365/services/exchange/exchange_service.py,sha256=LyHpYfSpIDPK4q3Py-0yPJsq5meU4cfA-gzBwq9cTLg,13685
|
|
3850
3850
|
prowler/providers/m365/services/exchange/exchange_transport_config_smtp_auth_disabled/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
3851
3851
|
prowler/providers/m365/services/exchange/exchange_transport_config_smtp_auth_disabled/exchange_transport_config_smtp_auth_disabled.metadata.json,sha256=B8JAVnRtL4gkp5JtWb4U6PHSIKhSP9vZKxGU7Af-rSg,1556
|
|
3852
3852
|
prowler/providers/m365/services/exchange/exchange_transport_config_smtp_auth_disabled/exchange_transport_config_smtp_auth_disabled.py,sha256=MmnIe-ul0Cb5lnuBM8PK3IPfZknZr-BJ8BIJsTvtyPc,1568
|
|
@@ -3869,7 +3869,7 @@ prowler/providers/m365/services/sharepoint/__init__.py,sha256=47DEQpj8HBSa-_TImW
|
|
|
3869
3869
|
prowler/providers/m365/services/sharepoint/sharepoint_client.py,sha256=OsPyb5VA1RcnCZoA5jL_KwEGKbX3LjoFdAOnOsR07Z0,204
|
|
3870
3870
|
prowler/providers/m365/services/sharepoint/sharepoint_external_sharing_managed/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
3871
3871
|
prowler/providers/m365/services/sharepoint/sharepoint_external_sharing_managed/sharepoint_external_sharing_managed.metadata.json,sha256=2w8aVkFzM4carApgKQTPBfxsvwSW_frCqjhjvSvEb3A,1677
|
|
3872
|
-
prowler/providers/m365/services/sharepoint/sharepoint_external_sharing_managed/sharepoint_external_sharing_managed.py,sha256=
|
|
3872
|
+
prowler/providers/m365/services/sharepoint/sharepoint_external_sharing_managed/sharepoint_external_sharing_managed.py,sha256=Lw257sXP7A0-9DZPq1ss_csV0iS8ZvvbZ0sHt9H6lsE,3035
|
|
3873
3873
|
prowler/providers/m365/services/sharepoint/sharepoint_external_sharing_restricted/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
3874
3874
|
prowler/providers/m365/services/sharepoint/sharepoint_external_sharing_restricted/sharepoint_external_sharing_restricted.metadata.json,sha256=0ZwxQ0alOYlsbcC9niKGrE7RLc8xoN6Xih6cU30WY6c,1593
|
|
3875
3875
|
prowler/providers/m365/services/sharepoint/sharepoint_external_sharing_restricted/sharepoint_external_sharing_restricted.py,sha256=cyoT8Bz_tkDIOwHIdIBbwgGWv5wGCHzalEdAZumbzrw,2089
|
|
@@ -4230,8 +4230,8 @@ prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_versio
|
|
|
4230
4230
|
prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_versioning_enabled/objectstorage_bucket_versioning_enabled.py,sha256=vkga-eV2ANNlrf_5spzoZZy05OCrBzVwuuusJzE0cqY,1374
|
|
4231
4231
|
prowler/providers/oraclecloud/services/objectstorage/objectstorage_client.py,sha256=2kMRKmX3bfHOGxBSKyXIzaRSAPCI_zhABJP3xmPrMRQ,235
|
|
4232
4232
|
prowler/providers/oraclecloud/services/objectstorage/objectstorage_service.py,sha256=N3lJfv-PHcz1wACQmcvNHA_pffyvLOjYIYPUNtYV7gA,4869
|
|
4233
|
-
prowler_cloud-5.14.
|
|
4234
|
-
prowler_cloud-5.14.
|
|
4235
|
-
prowler_cloud-5.14.
|
|
4236
|
-
prowler_cloud-5.14.
|
|
4237
|
-
prowler_cloud-5.14.
|
|
4233
|
+
prowler_cloud-5.14.1.dist-info/LICENSE,sha256=oGZr2ZEftLZTNys3IcUA_b0JftHKg0Zq2wfnrnr7guA,11348
|
|
4234
|
+
prowler_cloud-5.14.1.dist-info/METADATA,sha256=xDOyf6VhT7gdLbjkDphpzkl_qVI9AVyMWIR7XqLqrVA,17519
|
|
4235
|
+
prowler_cloud-5.14.1.dist-info/WHEEL,sha256=XbeZDeTWKc1w7CSIyre5aMDU_-PohRwTQceYnisIYYY,88
|
|
4236
|
+
prowler_cloud-5.14.1.dist-info/entry_points.txt,sha256=sWks5LHwHN_Rhj9HcrghwVKzHPIS4I4lebr-lkVZ-Dk,52
|
|
4237
|
+
prowler_cloud-5.14.1.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|